I've been looking online for this answer, but getting conflicting information. I was under the impression that you couldn't use a VLAN across a router, but maybe it's possible (according to some documentation I see online)? I was hoping someone could clear it up for me. Here's what I'm working with:

We have a remote site with a handful of users. We recently gave them an access point (Cisco 1142n) for internal wireless. It's plugged into a switch and working fine (getting IPs from the same DHCP scope as the wired users are getting). Private wireless is set on VL50.

At the home office we have private wireless for our internal network working and on VL50, with a test VLAN set up for VL60, which points to our DSL line for the time being. Both private and public wireless work fine internally (not crossing a router). VL50 is named the same at both sites for consistency in naming.

If we wanted to give the remote site access to the public wireless (VL60), would that be possible across the routers? For more information, currently the site is connected to the home office via a T1 connection, Cisco routers on both ends.

I didn't think it was possible due to the nature of VLANs being layer 2. But I am far from an expert on this and would appreciate any instruction as to the actual truth of the matter.

The end result I'm going for is, how to get our remote sites access to a public (outside) connection along with their private connection, without actually having a DSL (or similar type line) dropped at their location?

Are you trying to make sure that users in Vlan60 cannot access the internal corporate network? If so, do you also want to prevent users in Vlan50 from accessing the DSL line attached to Vlan 60?
– Mike Pennington, Jul 2 '12 at 20:17

2 Answers
2

Some network equipment will support stretched VLANs. But now you're putting all your layer-2 traffic across a WAN link. Is that really the best way to accomplish your goals? It sounds like just simple routing and access-lists should do what you want.

Thanks for the response, mfinni. Would you mind expanding on that thought some more? I was thinking I want to keep the public and private traffic as separate as possible. The public will most likely host BYOD type equipment and the private side currently is all set up based on the users' AD credentials and wireless profile, allowing only the company-issued laptops to connect. Thanks!
– Don, Jun 22 '12 at 19:35

Without a diagram, I'm not sure I fully understand your goals, to be honest.
– mfinni, Jun 23 '12 at 18:45
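
The answer above suggests routing and access-lists instead of stretching VL60 over the T1. One way that could look in Cisco IOS, as an added example that is not from the original posters: the remote site gets its own routed guest subnet, an inbound ACL keeps it off internal address space, and the home-office router policy-routes it to the DSL gateway. Every interface name, subnet and next-hop address below is a constructed assumption.

```cisco
! ---- Remote-site router (all names and addresses are constructed) ----
interface FastEthernet0/0.50
 description Private wireless / wired users (VL50)
 encapsulation dot1Q 50
 ip address 10.20.50.1 255.255.255.0
!
interface FastEthernet0/0.60
 description Public wireless (VL60), local to this site only
 encapsulation dot1Q 60
 ip address 10.20.60.1 255.255.255.0
 ip access-group GUEST-IN in
!
ip access-list extended GUEST-IN
 remark Allow DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark Block guests from all internal (RFC 1918) destinations
 deny   ip 10.20.60.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.20.60.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.20.60.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark Everything else (Internet-bound) may cross the T1
 permit ip 10.20.60.0 0.0.0.255 any
!
! ---- Home-office router ----
! Guest traffic arriving on the T1 is sent to the DSL gateway on the
! home-office VL60 segment instead of following the corporate default.
ip access-list extended GUEST-SRC
 permit ip 10.20.60.0 0.0.0.255 any
!
route-map GUEST-TO-DSL permit 10
 match ip address GUEST-SRC
 set ip next-hop 10.10.60.254
!
interface Serial0/0/0
 description T1 to remote site
 ip policy route-map GUEST-TO-DSL
! The DSL gateway (10.10.60.254 here) needs a return route for
! 10.20.60.0/24 pointing back at this router's VL60 address.
```

With the RFC 1918 denies in place, guest clients must be handed a public DNS resolver, since an internal one would be blocked by the same ACL.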